What do I do if a Nessus vulnerability scan reports the "Nessus ID 42873 - SSL Medium Strength Cipher Suites Supported" vulnerability against my Splunk Web TCP port that is configured to use HTTPS?
You can set SSLv3 only mode via web.conf, but keep in mind that this may create an issue with legacy systems/browsers attempting to access Splunk Web: http://www.splunk.com/base/Documentation/latest/Admin/Webconf

    supportSSLV3Only = [True | False]

UPDATE: Splunk 4.3+ supports a cipher list parameter in web.conf that allows you to specify that Splunk Web should only use certain cipher suites: http://blogs.splunk.com/2012/01/10/splunk4-3-shiny-new-security-features/

I have set it to SSLv3 only, but now I get an error based on key size?

Plugin Output:

    Here is the only medium strength SSL cipher supported by the remote server :

    Medium Strength Ciphers (>= 56-bit and < 112-bit key)
      SSLv3
        DES-CBC-SHA    Kx=RSA    Au=RSA    Enc=DES(56)    Mac=SHA1

    The fields above are :
    {OpenSSL ciphername}
    Kx={key exchange}
    Au={authentication}
    Enc={symmetric encryption method}
    Mac={message authentication code}
    {export flag}
(20 Oct '10, 18:28)
ddholstadz
Did you find an answer to this one? I am running into this same issue. I have "supportSSLV3Only = True" turned on but am seeing that same Nessus vulnerability during my scans.
(07 Mar '11, 17:00)
peter_white
You could also use the cipherSuite stanza in conjunction with the supportSSLV3Only stanza.
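The point both answers are circling is that supportSSLV3Only only pins the protocol version; the Nessus 42873 plugin output in the comment above shows the server still offering DES-CBC-SHA (56-bit) over SSLv3, so the finding persists until the cipher list itself is restricted. Below is an added web.conf example that is not from this thread or from Splunk's documentation; it puts both settings together under the [settings] stanza. The cipher string is an OpenSSL cipher-list expression chosen for this example, and the port and file path are the Splunk defaults assumed here.

```ini
# $SPLUNK_HOME/etc/system/local/web.conf
# Added example, not from the original thread. Assumes the default Splunk Web
# port (8000) and a Splunk 4.3+ instance that understands cipherSuite.
[settings]
enableSplunkWebSSL = true
httpport = 8000

# Protocol version only. On its own this does NOT remove DES-CBC-SHA from the
# SSLv3 handshake, which is why Nessus 42873 still fires with it set.
supportSSLV3Only = True

# Splunk 4.3+: restrict the suites Splunk Web will negotiate. This string
# (this example's choice) keeps HIGH-strength suites (AES, 3DES) and drops
# single DES (56-bit), LOW and export-grade suites, RC4, MD5-based MACs, and
# anonymous or null-cipher suites.
cipherSuite = HIGH:!aNULL:!eNULL:!LOW:!EXPORT:!DES:!RC4:!MD5
```

After editing, run `splunk restart splunkweb`, then check from another host with `openssl s_client -connect <splunk-host>:8000 -cipher DES-CBC-SHA`; it should fail the handshake (the client's own OpenSSL must still support DES for the probe to mean anything), while `-cipher HIGH` should connect. Re-run the Nessus scan to confirm the plugin no longer lists the DES suite. Note that forcing SSLv3 only is itself a weakening on anything newer than the versions discussed in this thread; it is shown here because the thread is about that setting, not as a recommendation.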
